phyphox/phyphox-android

Privacy concerns with project homepage phyphox.org

Closed this issue · 1 comments

To what extent are the Google integrations (Playstore and Google Fonts) compatible with the GDPR and the German TTDSG?

First of all: Thanks a lot for reporting this and I am very sorry about this. This should not have happened and is an embarrassing oversight.

Short response to the issue is that I have removed the Google Fonts link and changed the source of the Google Play badge to one hosted on our own server.

Long explanation of how this happened, for anyone interested, to allow for some insight into how we think about privacy and why this happened:
The page is an old WordPress page from 2016, which I set up myself, and while we have been thinking about replacing it with a static, more up-to-date one for a while now, we simply did not yet have the capacity to do it. When GDPR came into effect, I went over the entire thing to clean it up and I am very sure that I removed Google Fonts as well, especially as the font on the site visibly changed from Montserrat to whichever sans-serif font the user has available. Strangely, the Google Fonts link that was in there now requested Merriweather, which is a serif font not being used anywhere on our site (not to be confused with Merriweather Sans, which is the font of the phyphox logo, which is embedded as an image). Merriweather is the default font of the WordPress base theme "twentysixteen" from which our theme is derived as a child theme, so I suspect that at some point an update changed how Google Fonts is embedded into the page, which rendered our method to override it useless.
The story about the Play Button is a bit more embarrassing. I have no idea why I embedded it from Google's server in the first place. Had you asked me, I would have sworn that we host it from our server, because after all it is just an image. In fact, the image has been on our server all along, but for some reason the image URL did not use it. I probably did not even expect this when cleaning the page for GDPR.

So, again, many thanks and apologies. And to anyone reading this, please let us know if you find any similar concerns.